Cloud Native News - CNN21/46
About the new KCNA certification, approaches to inspect a container's filesystem (you'll learn a lot!), Prometheus's new Agent Mode for optimizing remote write, and a deep dive of Fulcio - the Let's Encrypt for code signing...
Community
- Why Cloud-Native Is About Community
Cloud-native is only as good as the support and input the community provides. In this spirit, the continues to invest heavily in the community to support new and existing projects, including Kubernetes, Prometheus, and Envoy, which are among the cornerstones of cloud-native today. Listen to the New Stack Podcast! - Cloud-Native Hackathon
Have some time left from the 9th - 12th of December? Attend the Cloud Native Hackathon, grow your experience, and win some fantastic prizes! - Kubernetes and Cloud-Native Essentials Training and KCNA Certification Now Available
A new training course from CNCF and The Linux Foundation provides basic knowledge of Kubernetes and cloud-native architectures and helps prepare for new entry-level certification.
Tutorials
- Detecting a Container Escape with Cilium and eBPF
The container escape attack covered in this blog post included simple but effective steps proving that Security Teams need Observability and the ability to Measure the data to detect those steps. Learn how to use Isovalent Cilium observability to detect container escapes. - Where are my container's files? Inspecting container filesystems
This post covers a few methods you can use to inspect the files inside a container. Maybe the container is failing to run correctly, and you want to read some logs; perhaps you want to check some configuration files inside the container...
Editorial
- Living with Kubernetes: 12 Commands to Debug Your Workloads
It doesn’t matter if you get the dreaded CrashLoopBack or other failures. The commands here will help you narrow down workload problems so that you can fix them. We’ll stick with commands that should work in any cluster, no matter where you run it. - Kubernetes: what are the key benefits for companies?
Kubernetes has become an increasingly popular solution for organizations worldwide, regardless of their size or the industry in which they operate. But what are the benefits from a business perspective?
Tools
- Introducing Prometheus Agent Mode, an Efficient and Cloud-Native Way for Metric Forwarding
"The Agent mode optimizes Prometheus for the remote write use case. It disables querying, alerting, and local storage, and replaces it with a customized TSDB WAL. Everything else stays the same: scraping logic, service discovery and related configuration. It can be used as a drop-in replacement for Prometheus if you want to just forward your data to a remote Prometheus server or any other Remote-Write-compliant project." - armosec/kubescape
Kubescape is the first open-source tool for testing if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies, and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®. - A Fulcio Deep Dive
Fulcio certificates are designed for signing code, not web encryption. Key reuse is hard to get right without taking great care, so individual certificates usually are only valid for a few particular use cases.
Photo by Ümit Yıldırım on Unsplash